Method for loading an application in a device, device and smart card therefor

ABSTRACT

An application is loaded into a device, for example downloaded over the air into a portable device such as a mobile telephone, by downloading the application together with a signature to the device. The signature of the application is coupled to a predefined attribute certificate stored in the device, and the application and the attribute certificate are then installed together. The signature of the application may be coupled to a root certificate that in turn links the application to a predefined attribute certificate.

FIELD OF THE INVENTION

The present invention relates to a method for loading an application into a device, and more particularly to control of the application's interface with the device. The invention also relates to such a device and to a smart card usable in such a device.

STATE OF THE ART

WO 00/59225 and U.S. Pat. No. 1-6,223,291 disclose a secure wireless electronic-commerce system with a wireless network domain. The system comprises a wireless network operator certification authority having a root public key certificate and at least one attribute authority having a digital certificate that is dependent from the root public key certificate. The attribute authority is accessible by a wireless client device via a wireless network. The digital certificate is delivered from the attribute authority to the wireless device. The attribute authority is verified to the wireless client device using the digital certificate and the root public key certificate preloaded in the wireless client device under the authority of the wireless network operator. An attribute is delivered to the wireless client device over the wireless network and ultimately enabled at the wireless client device.

A problem with this kind of system is that the attributes are delivered over the wireless network, which requires additional steps and contacts before an application using the attribute can be installed in the device.

According to the present invention, generic attribute certificates are instead preloaded in the device. An attribute certificate is linked to an application by means of the signature and the certificate chain of the downloaded application.

SUMMARY OF THE INVENTION

According to a first aspect of the invention, there is provided a method for loading an application in a device.

The method includes the steps of:

-   downloading the application with a signature to the device;
-   coupling the signature of the application to a predefined attribute certificate stored in the device;
-   installing the application coupled to said attribute certificate.

Preferably, the signature of the application is coupled to a root certificate which in turn links the application to a predefined attribute certificate.

According to a second aspect of the invention, there is provided a device comprising: means for storing and executing an application in connection with function units, the access to which is controlled through an interface unit.

The device further includes or is connectable to:

-   means for storing at least one predefined attribute certificate capable of being linked to the application for controlling the interface unit.

Preferably, the predefined attribute certificate is linked to a root certificate also stored in the device.

The device may be a mobile telephone.

According to a third aspect of the invention, there is provided a smart card connectable to a device, the device comprising: means for storing and executing an application in connection with function units, the access to which is controlled through an interface unit.

The smart card includes: means for storing at least one predefined attribute certificate capable of being linked to the application for controlling the interface unit.

Preferably, the predefined attribute certificate is linked to a root certificate also stored in the smart card.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention will be described below with reference to the accompanying drawings, in which

FIG. 1 is a schematic view of a device according to the invention in a wireless environment, and

FIG. 2 is a schematic illustration of the structure of the storage of the various certificates.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

The invention relates generally to the downloading of applications into portable devices, typically mobile telephones. The user may wish to download new functions or applications, such as tools, games and content items generally, to upgrade the telephone. The applications may be provided by third-party developers independent of the original telephone manufacturer. For warranty and safety reasons the user, and often the telephone manufacturer, want assurance that the telephone is not rendered inoperable or damaged by the new application. As discussed above, a system has been devised in which the authenticity of the application is checked by means of digital signatures appended to the application, and attribute certificates are downloaded as well so that the application is allowed only limited access to the existing hardware and software through an interface in the device, often called an API (Application Programming Interface).

The debiting and authentication of the user himself form no part of the invention.

In FIG. 1, a device 1 according to an embodiment of the invention is illustrated in a wireless environment. The device may typically be a mobile telephone. Only the parts relevant to the invention are shown; other conventional parts, such as keypads and radio interfaces, are omitted.

The wanted application 2 is to be installed in an execution environment 9, typically a Java environment. The application 2 is supplied by an application developer 8 over the air, as symbolised by the arrow.

When the application is installed it will have limited access, through an interface unit (API) 4, to function units 3 of the device, such as a phone book or a keypad control unit. The application may for example be a game in which the keypad is to be controlled in a special manner; in this case the interface unit 4 should allow access to the function unit 3 controlling the keypad. The application should be granted as little access as possible, so that it cannot interfere with function units it does not use. The required access rights naturally vary from application to application.

A security manager 7 verifies the downloaded application and also controls the access rights in the interface unit 4. The access rights are defined by preloaded attribute certificates, as discussed below.

The attribute certificates as well as the root certificates are stored in the device, either in built-in memory such as a flash memory 5 or in a smart card 6 connectable to the device 1. A typical example of a smart card in a mobile telephone is a SIM (Subscriber Identity Module) card. The card contains subscriber identity and authentication information, and there is also room for storing various user data. The card may also contain a WIM part, a WAP (Wireless Application Protocol) identity module that provides an interface for services relating to the wireless Internet as well as data storage services. The smart card preferably uses PKCS#15 (Public-Key Cryptography Standard #15) for its object formats; PKCS#15 defines, among other things, a file structure on the card.

FIG. 2 illustrates an example of a file structure 10 in accordance with the present invention. Root certificates 13 are stored under a catalogue 11 containing all the roots. A root certificate is a public key certificate issued by a certificate authority. A possible structure of a root certificate is shown in box 16. It contains at least information about the issuer, the subject, a validity period, a public key and a signature. In a root certificate the issuer and subject fields have the same value: the certificate is self-signed, its signature being created with the private key associated with the contained public key, and that public key may be used to verify signatures on certificates issued under the root.

Similarly, the attribute certificates 14 are stored under a catalogue 12 containing all the attributes. A possible structure of an attribute certificate is shown in box 17. The attribute certificate contains at least information about the issuer, the subject, a validity period (optional) and a signature, and, for the purposes of the present invention, information about access rights. In other words, the attribute certificate defines a generic profile for controlling the interface 4 for one or several applications that are associated with the profile.

Each root certificate 13 is associated with one attribute certificate 14. In one embodiment a file property of each root certificate 13 contains an identifier field 15 having a specific value, and the attribute certificate files 14 contain the same type of file property identifier field 15. When a specific root certificate is selected, the associated attribute file is found by comparing the identifier fields until a match is obtained, i.e. until the two identifier fields have the same value. In FIG. 2, Root certificate 1 is associated with Attribute certificate 2.

A 20-byte SHA-1 hash of the public key may be used as the identifier. The hash value could be stored in the PKCS#15 Common Data Object Attributes iD field.

An example of the procedure for downloading an application into a device is described below. The mobile user finds, e.g. in a browsing session on the Internet, an application from a developer 8. The user downloads the application 2 together with a signature and a certificate chain. The security manager 7 takes the signature and follows the certificate chain back to a root certificate stored in the device. The application is accepted as authentic only if the chain ends at a stored root certificate and the signature verifies under that chain.

The identifier 15 of the root certificate 13 is retrieved from the file structure 10, and the corresponding attribute certificate 14, having the same value in its identifier field 15, is found. The application may then be installed in the device, with the found attribute certificate controlling the interface unit 4 via the security manager 7.
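The identifier lookup of FIG. 2 and the download procedure just described, as an added example that is not part of the patent: Go code that, with the standard library only, builds a self-signed root and a developer certificate issued under it, signs a constructed application, walks the chain back to the stored root, derives the root's identifier and selects the attribute certificate carrying the same identifier, and then uses that profile as the interface-unit check. ECDSA P-256 with SHA-256 for the signatures, SHA-1 over the DER SubjectPublicKeyInfo as the identifier, and the flat AttributeCert struct are assumptions of the example; the patent fixes neither the algorithms nor the attribute-certificate encoding, and a real card would hold the attribute certificate as a PKCS#15 object and would also verify its issuer's signature, which this example leaves out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// AttributeCert is a flattened attribute certificate (box 17); a card would hold it as a PKCS#15 object.
type AttributeCert struct {
	Issuer, Subject string
	ID              [20]byte        // identifier field 15: equals keyID of the linked root
	Rights          map[string]bool // generic profile: function unit -> access granted
}

// CertStore models file structure 10: roots (catalogue 11) and attributes (catalogue 12).
type CertStore struct {
	Roots      *x509.CertPool
	Attributes []AttributeCert
}

// keyID is the 20-byte SHA-1 of the public key; hashing the DER SubjectPublicKeyInfo is an assumption.
func keyID(c *x509.Certificate) [20]byte { return sha1.Sum(c.RawSubjectPublicKeyInfo) }

func must(err error) {
	if err != nil {
		panic(err) // key generation or encoding failure is a bug in this demo, not an input error
	}
}

// newCert issues a P-256 certificate; parent == nil makes it self-signed (issuer == subject, box 16).
func newCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign // only a CA may sign certificates
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}

// Install is the download procedure: follow the chain back to a stored root, verify the
// signature over the code, then pick the attribute certificate whose identifier equals the
// root's. The returned profile is what the security manager enforces at the interface unit.
func (s *CertStore) Install(code, sig []byte, dev *x509.Certificate) (map[string]bool, error) {
	chains, err := dev.Verify(x509.VerifyOptions{Roots: s.Roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	if err != nil {
		return nil, fmt.Errorf("chain does not end at a stored root: %w", err)
	}
	if err := dev.CheckSignature(x509.ECDSAWithSHA256, code, sig); err != nil {
		return nil, fmt.Errorf("application signature does not verify: %w", err)
	}
	root := chains[0][len(chains[0])-1] // a verified chain ends at the stored root
	for _, ac := range s.Attributes {
		if ac.ID == keyID(root) {
			return ac.Rights, nil
		}
	}
	return nil, fmt.Errorf("no attribute certificate is linked to root %q", root.Subject.CommonName)
}

// Demo preloads one root and one attribute certificate (keypad only), signs a constructed game
// binary with a developer certificate issued under that root, and installs it. With tamper set,
// a code byte is changed after signing, so the install must be refused.
func Demo(tamper bool) (map[string]bool, error) {
	root, rootKey := newCert("Operator Root", true, nil, nil)
	dev, devKey := newCert("Game Studio", false, root, rootKey)
	store := &CertStore{Roots: x509.NewCertPool(), Attributes: []AttributeCert{{
		Issuer: "Operator Root", Subject: "games", ID: keyID(root), Rights: map[string]bool{"keypad": true},
	}}}
	store.Roots.AddCert(root)
	code := []byte("constructed game binary")
	digest := sha256.Sum256(code)
	sig, err := ecdsa.SignASN1(rand.Reader, devKey, digest[:])
	must(err)
	if tamper {
		code[0] ^= 0xff
	}
	return store.Install(code, sig, dev)
}

func main() {
	rights, err := Demo(false)
	fmt.Println("rights:", rights, "error:", err, "phone book allowed:", rights["phone book"])
}
```

Because the link is made through the root's identifier, every application whose chain ends at that root receives the same profile; to bind a profile to an intermediate or developer certificate instead, hash the corresponding element of `chains[0]` rather than the last one. The identifier is only a lookup key into a store that is assumed to be write-protected: the security of the scheme rests on the chain verification and on the integrity of the root and attribute files, not on the collision resistance of SHA-1, and an attribute certificate fetched over the air must have its own issuer signature checked before its rights are trusted.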

The file structure 10 may be built into the device 1 by the manufacturer, e.g. in the flash memory 5. However, storage in a smart card 6, such as a SIM card, gives certain advantages. The attribute certificate can be built into the smart card by its manufacturer or may also be downloaded over the air into the smart card. This enables a telephone operator to change root certificates and attribute certificates in the SIM card, e.g. by using a special toolkit, the SIM-AT (SIM Application Toolkit).

Thus, the present invention provides a system for downloading applications into mobile devices over the air in a secure manner. The invention has several advantages:

The cross-reference problem is solved, since an attribute certificate can be cross-referenced with the root certificate.

By storing the attribute certificate along with the other critical certificates in the trusted certificate directory file, which is inherently write-protected, the problem of storing the attribute certificate in a write-protected environment is solved.

Since a certificate authority signs the attribute certificates, they carry a built-in security mechanism. This makes it possible to download the certificates over the air securely.

Over-the-air download of attribute certificates linked to root certificates could be done in the same way as signed root certificates are downloaded in the WPKI (Wireless Public Key Infrastructure).

Attribute certificates have the potential of being linked to more than one root certificate. This means that authorisation information (permissions) can be linked to any certificate in the certificate chain. It can even be linked to something other than an identity carried in a certificate.

The invention can be applied in portable radio communication devices such as mobile telephones, pagers, communicators, electronic organisers, smartphones and the like. The scope of the invention is limited only by the claims below.

1. A method for loading an application in a device, comprising: preloading an attribute certificate in the device defining a generic profile of access rights; downloading the application with a signature to the device; coupling the signature of the application to the predefined attribute certificate stored in the device; installing the application coupled to said attribute certificate.
2. A method according to claim 1, wherein coupling the signature comprises: coupling the signature of the application to a root certificate that links the application to a predefined attribute certificate.
3. A method according to claim 2, further comprising: authenticating the application against the stored root certificate.
4. A method according to claim 2, wherein the predefined attribute certificate and the root certificate are stored in files and are linked by having an equal value in their respective file properties.
5. A method according to claim 4, wherein the predefined attribute certificate and the root certificate are stored in a PKCS#15 structure.
6. A method according to claim 1, wherein the predefined attribute certificate is stored in a flash memory.
7. A method according to claim 1, wherein the predefined attribute certificate is stored in a smart card.
8. A method according to claim 7, wherein the smart card is a SIM card.
9. A method according to claim 8, wherein the predefined attribute certificate and the root certificate are changeable by means of a SIM application toolkit.
10. A device comprising: means for storing and executing an application in connection with function units, the access to which is controlled through an interface unit; and means for storing at least one predefined attribute certificate defining a generic profile of access rights and linkable to the application for controlling the interface unit.
11. A device according to claim 10, wherein the predefined attribute certificate is linked to a root certificate also stored in the device.
12. A device according to claim 11, wherein the predefined attribute certificate and the root certificate are stored in files and are linked by having an equal value in their respective file properties.
13. A device according to claim 12, wherein the predefined attribute certificate and the root certificate are stored in a PKCS#15 structure.
14. A device according to claim 11, further comprising: security check means configured to authenticate the application and to link the application to a stored root certificate.
15. A device according to claim 10, further comprising: a flash memory for storing the predefined attribute certificate.
16. A device according to claim 10, wherein the device is connectable to a smart card for storing the predefined attribute certificate.
17. A device according to claim 16, wherein the smart card is a SIM card.
18. A device according to claim 17, wherein the predefined attribute certificate and the root certificate are changeable by means of a SIM application toolkit.
19. A device according to claim 10, wherein the device is a mobile telephone.
20. A smart card connectable to a device, the device comprising: means for storing and executing an application in connection with function units, the access to which is controlled through an interface unit; and means for storing at least one predefined attribute certificate defining a generic profile of access rights and capable of being linked to the application for controlling the interface unit.
21. A smart card according to claim 20, wherein the predefined attribute certificate is linked to a root certificate also stored in the smart card.
22. A smart card according to claim 21, wherein the predefined attribute certificate and the root certificate are stored in files and are linked by having an equal value in their respective file properties.
23. A smart card according to claim 21, wherein the predefined attribute certificate and the root certificate are stored in a PKCS#15 structure.
24. A smart card according to claim 20, wherein the predefined attribute certificate and the root certificate are changeable by means of a SIM application toolkit.